Virus Outbreak: Vietnam-linked hackers target PRC

Reuters, LONDON and WASHINGTON





Hackers working in support of the Vietnamese government have attempted to break into Chinese state organizations at the center of Beijing’s efforts to contain COVID-19, US cybersecurity firm FireEye said on Wednesday.

FireEye said a hacking group known as APT32 had tried to compromise the personal and professional e-mail accounts of staff at the Chinese Ministry of Emergency Management and the government of Wuhan, the epicenter of the global pandemic.

Investigators at FireEye and other cybersecurity firms have said they believe that APT32 operates on behalf of the Vietnamese government.

The group’s activity mirrors attempts by a host of state-backed hackers to compromise governments, businesses and health agencies in search of information about the coronavirus and attempts to combat it.

“These attacks speak to the virus being an intelligence priority — everyone is throwing everything they’ve got at it, and APT32 is what Vietnam has,” said Ben Read, senior manager for analysis at FireEye’s Mandiant threat intelligence unit.

The Vietnamese government did not respond to a request for comment. Messages sent to e-mail addresses used by the hackers went unanswered.

The Cyberspace Administration of China, the Chinese Ministry of Emergency Management and the Wuhan City Government did not immediately respond to requests for comment.

Vietnam was quick to react to the first reports of the coronavirus, sealing off its border with China, and implementing an aggressive program of contact tracing and quarantine measures that have kept cases of infection in the nation below 300.

Adam Segal, a cybersecurity expert at the Council on Foreign Relations in New York, said that the hacking activity suggested Hanoi also took swift action in cyberspace.

The earliest hacking attempt identified by FireEye predated the first known international infection by a week, he said.

“It shows both a distrust about Chinese government announcements and a sense that when China sneezes, it is its neighbors that get the flu — in this case literally,” Segal said.

FireEye said that APT32 targeted a small group of people with e-mails that included tracking links to notify the hackers when they were opened. The attackers then planned to send further e-mails with malicious attachments containing a virus called “METALJACK,” that would give them illicit access to their victims’ computers.

Marc-Etienne Leveille, a researcher at Slovakia-based software security firm ESET, said that APT32 had used the same malware to target other governments and organizations in Asia, as well as political activists and dissidents in Vietnam.

It is unclear if the intrusion attempts in China were successful, but the attacks show that hackers have had to quickly reorganize their operations in response to the pandemic, Mandiant senior director of analysis John Hultquist said.

“This is precisely what we would expect. A crisis develops and there’s a shortage of information, so intelligence collectors are deployed,” Hultquist said. “This crisis is of such an extreme interest to every country on Earth that it surpasses the intelligence necessities normally associated with armed conflict. It is absolutely existential.”